You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@bval.apache.org by "Albert Lee (JIRA)" <ji...@apache.org> on 2010/11/16 22:55:13 UTC
[jira] Created: (BVAL-87) Java 2 security violations in
ClassValidator.validate
Java 2 security violations in ClassValidator.validate
-----------------------------------------------------
Key: BVAL-87
URL: https://issues.apache.org/jira/browse/BVAL-87
Project: BeanValidation
Issue Type: Bug
Components: jsr303
Affects Versions: 0.3-incubating
Reporter: Albert Lee
Fix For: 0.3-incubating
Hitting a few Java 2 security access control exception during validation.
java.security.AccessControlException: Access denied (java.lang.RuntimePermission accessDeclaredMembers)
at java.security.AccessController.checkPermission(AccessController.java:108)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:533)
at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:212)
at java.lang.SecurityManager.checkMemberAccess(SecurityManager.java:1678)
at java.lang.Class.checkMemberAccess(Class.java:105)
at java.lang.Class.getDeclaredFields(Class.java:535)
at org.apache.bval.jsr303.Jsr303MetaBeanFactory.processClass(Jsr303MetaBeanFactory.java:129)
at org.apache.bval.jsr303.Jsr303MetaBeanFactory.buildMetaBean(Jsr303MetaBeanFactory.java:101)
at org.apache.bval.MetaBeanBuilder.buildForClass(MetaBeanBuilder.java:128)
at org.apache.bval.MetaBeanManager.findForClass(MetaBeanManager.java:102)
at org.apache.bval.jsr303.ClassValidator.validate(ClassValidator.java:128)
java.security.AccessControlException: Access denied (java.lang.RuntimePermission getClassLoader)
at java.security.AccessController.checkPermission(AccessController.java:108)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:544)
at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:212)
at java.lang.Thread.getContextClassLoader(Thread.java:457)
at org.apache.bval.jsr303.DefaultMessageInterpolator.getFileBasedResourceBundle(DefaultMessageInterpolator.java:163)
at org.apache.bval.jsr303.DefaultMessageInterpolator.findUserResourceBundle(DefaultMessageInterpolator.java:269)
at org.apache.bval.jsr303.DefaultMessageInterpolator.interpolateMessage(DefaultMessageInterpolator.java:116)
at org.apache.bval.jsr303.DefaultMessageInterpolator.interpolate(DefaultMessageInterpolator.java:97)
at org.apache.bval.jsr303.DefaultMessageInterpolator.interpolate(DefaultMessageInterpolator.java:92)
at org.apache.bval.jsr303.ConstraintValidationListener.addError(ConstraintValidationListener.java:85)
at org.apache.bval.jsr303.ConstraintValidationListener.addError(ConstraintValidationListener.java:65)
at org.apache.bval.jsr303.ConstraintValidation.addErrors(ConstraintValidation.java:255)
at org.apache.bval.jsr303.ConstraintValidation.validate(ConstraintValidation.java:211)
at org.apache.bval.jsr303.ConstraintValidation.validate(ConstraintValidation.java:140)
at org.apache.bval.util.ValidationHelper.validateProperty(ValidationHelper.java:212)
at org.apache.bval.util.ValidationHelper.validateBean(ValidationHelper.java:195)
at org.apache.bval.jsr303.ClassValidator.validateBeanNet(ClassValidator.java:474)
at org.apache.bval.jsr303.ClassValidator.validate(ClassValidator.java:140)
Working through the doPriv location required in the path.
WIll post a patch when testing is complete.
Albert Lee
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (BVAL-87) Java 2 security violations in
ClassValidator.validate
Posted by "Albert Lee (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/BVAL-87?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Albert Lee updated BVAL-87:
---------------------------
Attachment: BVAL-87.1.patch
Tests are passing after apply the .1 patch.
> Java 2 security violations in ClassValidator.validate
> -----------------------------------------------------
>
> Key: BVAL-87
> URL: https://issues.apache.org/jira/browse/BVAL-87
> Project: BeanValidation
> Issue Type: Bug
> Components: jsr303
> Affects Versions: 0.3-incubating
> Reporter: Albert Lee
> Fix For: 0.3-incubating
>
> Attachments: BVAL-87.1.patch, BVAL-87.patch
>
>
> Hitting a few Java 2 security access control exception during validation.
> java.security.AccessControlException: Access denied (java.lang.RuntimePermission accessDeclaredMembers)
> at java.security.AccessController.checkPermission(AccessController.java:108)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:533)
> at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:212)
> at java.lang.SecurityManager.checkMemberAccess(SecurityManager.java:1678)
> at java.lang.Class.checkMemberAccess(Class.java:105)
> at java.lang.Class.getDeclaredFields(Class.java:535)
> at org.apache.bval.jsr303.Jsr303MetaBeanFactory.processClass(Jsr303MetaBeanFactory.java:129)
> at org.apache.bval.jsr303.Jsr303MetaBeanFactory.buildMetaBean(Jsr303MetaBeanFactory.java:101)
> at org.apache.bval.MetaBeanBuilder.buildForClass(MetaBeanBuilder.java:128)
> at org.apache.bval.MetaBeanManager.findForClass(MetaBeanManager.java:102)
> at org.apache.bval.jsr303.ClassValidator.validate(ClassValidator.java:128)
> java.security.AccessControlException: Access denied (java.lang.RuntimePermission getClassLoader)
> at java.security.AccessController.checkPermission(AccessController.java:108)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:544)
> at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:212)
> at java.lang.Thread.getContextClassLoader(Thread.java:457)
> at org.apache.bval.jsr303.DefaultMessageInterpolator.getFileBasedResourceBundle(DefaultMessageInterpolator.java:163)
> at org.apache.bval.jsr303.DefaultMessageInterpolator.findUserResourceBundle(DefaultMessageInterpolator.java:269)
> at org.apache.bval.jsr303.DefaultMessageInterpolator.interpolateMessage(DefaultMessageInterpolator.java:116)
> at org.apache.bval.jsr303.DefaultMessageInterpolator.interpolate(DefaultMessageInterpolator.java:97)
> at org.apache.bval.jsr303.DefaultMessageInterpolator.interpolate(DefaultMessageInterpolator.java:92)
> at org.apache.bval.jsr303.ConstraintValidationListener.addError(ConstraintValidationListener.java:85)
> at org.apache.bval.jsr303.ConstraintValidationListener.addError(ConstraintValidationListener.java:65)
> at org.apache.bval.jsr303.ConstraintValidation.addErrors(ConstraintValidation.java:255)
> at org.apache.bval.jsr303.ConstraintValidation.validate(ConstraintValidation.java:211)
> at org.apache.bval.jsr303.ConstraintValidation.validate(ConstraintValidation.java:140)
> at org.apache.bval.util.ValidationHelper.validateProperty(ValidationHelper.java:212)
> at org.apache.bval.util.ValidationHelper.validateBean(ValidationHelper.java:195)
> at org.apache.bval.jsr303.ClassValidator.validateBeanNet(ClassValidator.java:474)
> at org.apache.bval.jsr303.ClassValidator.validate(ClassValidator.java:140)
> Working through the doPriv location required in the path.
> WIll post a patch when testing is complete.
> Albert Lee
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Closed: (BVAL-87) Java 2 security violations in
ClassValidator.validate
Posted by "Albert Lee (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/BVAL-87?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Albert Lee closed BVAL-87.
--------------------------
> Java 2 security violations in ClassValidator.validate
> -----------------------------------------------------
>
> Key: BVAL-87
> URL: https://issues.apache.org/jira/browse/BVAL-87
> Project: BeanValidation
> Issue Type: Bug
> Components: jsr303
> Affects Versions: 0.3-incubating
> Reporter: Albert Lee
> Fix For: 0.3-incubating
>
> Attachments: BVAL-87.1.patch, BVAL-87.patch
>
>
> Hitting a few Java 2 security access control exception during validation.
> java.security.AccessControlException: Access denied (java.lang.RuntimePermission accessDeclaredMembers)
> at java.security.AccessController.checkPermission(AccessController.java:108)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:533)
> at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:212)
> at java.lang.SecurityManager.checkMemberAccess(SecurityManager.java:1678)
> at java.lang.Class.checkMemberAccess(Class.java:105)
> at java.lang.Class.getDeclaredFields(Class.java:535)
> at org.apache.bval.jsr303.Jsr303MetaBeanFactory.processClass(Jsr303MetaBeanFactory.java:129)
> at org.apache.bval.jsr303.Jsr303MetaBeanFactory.buildMetaBean(Jsr303MetaBeanFactory.java:101)
> at org.apache.bval.MetaBeanBuilder.buildForClass(MetaBeanBuilder.java:128)
> at org.apache.bval.MetaBeanManager.findForClass(MetaBeanManager.java:102)
> at org.apache.bval.jsr303.ClassValidator.validate(ClassValidator.java:128)
> java.security.AccessControlException: Access denied (java.lang.RuntimePermission getClassLoader)
> at java.security.AccessController.checkPermission(AccessController.java:108)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:544)
> at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:212)
> at java.lang.Thread.getContextClassLoader(Thread.java:457)
> at org.apache.bval.jsr303.DefaultMessageInterpolator.getFileBasedResourceBundle(DefaultMessageInterpolator.java:163)
> at org.apache.bval.jsr303.DefaultMessageInterpolator.findUserResourceBundle(DefaultMessageInterpolator.java:269)
> at org.apache.bval.jsr303.DefaultMessageInterpolator.interpolateMessage(DefaultMessageInterpolator.java:116)
> at org.apache.bval.jsr303.DefaultMessageInterpolator.interpolate(DefaultMessageInterpolator.java:97)
> at org.apache.bval.jsr303.DefaultMessageInterpolator.interpolate(DefaultMessageInterpolator.java:92)
> at org.apache.bval.jsr303.ConstraintValidationListener.addError(ConstraintValidationListener.java:85)
> at org.apache.bval.jsr303.ConstraintValidationListener.addError(ConstraintValidationListener.java:65)
> at org.apache.bval.jsr303.ConstraintValidation.addErrors(ConstraintValidation.java:255)
> at org.apache.bval.jsr303.ConstraintValidation.validate(ConstraintValidation.java:211)
> at org.apache.bval.jsr303.ConstraintValidation.validate(ConstraintValidation.java:140)
> at org.apache.bval.util.ValidationHelper.validateProperty(ValidationHelper.java:212)
> at org.apache.bval.util.ValidationHelper.validateBean(ValidationHelper.java:195)
> at org.apache.bval.jsr303.ClassValidator.validateBeanNet(ClassValidator.java:474)
> at org.apache.bval.jsr303.ClassValidator.validate(ClassValidator.java:140)
> Working through the doPriv location required in the path.
> WIll post a patch when testing is complete.
> Albert Lee
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (BVAL-87) Java 2 security violations in
ClassValidator.validate
Posted by "Albert Lee (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/BVAL-87?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12966575#action_12966575 ]
Albert Lee commented on BVAL-87:
--------------------------------
The new exception showed that the commons.lang is NOT Java 2 enabled.
Should we pursue to get commons.lang project to add the doPriv in their code base or add doPriv() enabled equivalent ClassUtils functions in bval?
Albert Lee.
> Java 2 security violations in ClassValidator.validate
> -----------------------------------------------------
>
> Key: BVAL-87
> URL: https://issues.apache.org/jira/browse/BVAL-87
> Project: BeanValidation
> Issue Type: Bug
> Components: jsr303
> Affects Versions: 0.3-incubating
> Reporter: Albert Lee
> Fix For: 0.3-incubating
>
> Attachments: BVAL-87.patch
>
>
> Hitting a few Java 2 security access control exception during validation.
> java.security.AccessControlException: Access denied (java.lang.RuntimePermission accessDeclaredMembers)
> at java.security.AccessController.checkPermission(AccessController.java:108)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:533)
> at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:212)
> at java.lang.SecurityManager.checkMemberAccess(SecurityManager.java:1678)
> at java.lang.Class.checkMemberAccess(Class.java:105)
> at java.lang.Class.getDeclaredFields(Class.java:535)
> at org.apache.bval.jsr303.Jsr303MetaBeanFactory.processClass(Jsr303MetaBeanFactory.java:129)
> at org.apache.bval.jsr303.Jsr303MetaBeanFactory.buildMetaBean(Jsr303MetaBeanFactory.java:101)
> at org.apache.bval.MetaBeanBuilder.buildForClass(MetaBeanBuilder.java:128)
> at org.apache.bval.MetaBeanManager.findForClass(MetaBeanManager.java:102)
> at org.apache.bval.jsr303.ClassValidator.validate(ClassValidator.java:128)
> java.security.AccessControlException: Access denied (java.lang.RuntimePermission getClassLoader)
> at java.security.AccessController.checkPermission(AccessController.java:108)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:544)
> at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:212)
> at java.lang.Thread.getContextClassLoader(Thread.java:457)
> at org.apache.bval.jsr303.DefaultMessageInterpolator.getFileBasedResourceBundle(DefaultMessageInterpolator.java:163)
> at org.apache.bval.jsr303.DefaultMessageInterpolator.findUserResourceBundle(DefaultMessageInterpolator.java:269)
> at org.apache.bval.jsr303.DefaultMessageInterpolator.interpolateMessage(DefaultMessageInterpolator.java:116)
> at org.apache.bval.jsr303.DefaultMessageInterpolator.interpolate(DefaultMessageInterpolator.java:97)
> at org.apache.bval.jsr303.DefaultMessageInterpolator.interpolate(DefaultMessageInterpolator.java:92)
> at org.apache.bval.jsr303.ConstraintValidationListener.addError(ConstraintValidationListener.java:85)
> at org.apache.bval.jsr303.ConstraintValidationListener.addError(ConstraintValidationListener.java:65)
> at org.apache.bval.jsr303.ConstraintValidation.addErrors(ConstraintValidation.java:255)
> at org.apache.bval.jsr303.ConstraintValidation.validate(ConstraintValidation.java:211)
> at org.apache.bval.jsr303.ConstraintValidation.validate(ConstraintValidation.java:140)
> at org.apache.bval.util.ValidationHelper.validateProperty(ValidationHelper.java:212)
> at org.apache.bval.util.ValidationHelper.validateBean(ValidationHelper.java:195)
> at org.apache.bval.jsr303.ClassValidator.validateBeanNet(ClassValidator.java:474)
> at org.apache.bval.jsr303.ClassValidator.validate(ClassValidator.java:140)
> Working through the doPriv location required in the path.
> WIll post a patch when testing is complete.
> Albert Lee
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (BVAL-87) Java 2 security violations in
ClassValidator.validate
Posted by "Albert Lee (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/BVAL-87?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Albert Lee resolved BVAL-87.
----------------------------
Resolution: Fixed
> Java 2 security violations in ClassValidator.validate
> -----------------------------------------------------
>
> Key: BVAL-87
> URL: https://issues.apache.org/jira/browse/BVAL-87
> Project: BeanValidation
> Issue Type: Bug
> Components: jsr303
> Affects Versions: 0.3-incubating
> Reporter: Albert Lee
> Fix For: 0.3-incubating
>
> Attachments: BVAL-87.1.patch, BVAL-87.patch
>
>
> Hitting a few Java 2 security access control exception during validation.
> java.security.AccessControlException: Access denied (java.lang.RuntimePermission accessDeclaredMembers)
> at java.security.AccessController.checkPermission(AccessController.java:108)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:533)
> at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:212)
> at java.lang.SecurityManager.checkMemberAccess(SecurityManager.java:1678)
> at java.lang.Class.checkMemberAccess(Class.java:105)
> at java.lang.Class.getDeclaredFields(Class.java:535)
> at org.apache.bval.jsr303.Jsr303MetaBeanFactory.processClass(Jsr303MetaBeanFactory.java:129)
> at org.apache.bval.jsr303.Jsr303MetaBeanFactory.buildMetaBean(Jsr303MetaBeanFactory.java:101)
> at org.apache.bval.MetaBeanBuilder.buildForClass(MetaBeanBuilder.java:128)
> at org.apache.bval.MetaBeanManager.findForClass(MetaBeanManager.java:102)
> at org.apache.bval.jsr303.ClassValidator.validate(ClassValidator.java:128)
> java.security.AccessControlException: Access denied (java.lang.RuntimePermission getClassLoader)
> at java.security.AccessController.checkPermission(AccessController.java:108)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:544)
> at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:212)
> at java.lang.Thread.getContextClassLoader(Thread.java:457)
> at org.apache.bval.jsr303.DefaultMessageInterpolator.getFileBasedResourceBundle(DefaultMessageInterpolator.java:163)
> at org.apache.bval.jsr303.DefaultMessageInterpolator.findUserResourceBundle(DefaultMessageInterpolator.java:269)
> at org.apache.bval.jsr303.DefaultMessageInterpolator.interpolateMessage(DefaultMessageInterpolator.java:116)
> at org.apache.bval.jsr303.DefaultMessageInterpolator.interpolate(DefaultMessageInterpolator.java:97)
> at org.apache.bval.jsr303.DefaultMessageInterpolator.interpolate(DefaultMessageInterpolator.java:92)
> at org.apache.bval.jsr303.ConstraintValidationListener.addError(ConstraintValidationListener.java:85)
> at org.apache.bval.jsr303.ConstraintValidationListener.addError(ConstraintValidationListener.java:65)
> at org.apache.bval.jsr303.ConstraintValidation.addErrors(ConstraintValidation.java:255)
> at org.apache.bval.jsr303.ConstraintValidation.validate(ConstraintValidation.java:211)
> at org.apache.bval.jsr303.ConstraintValidation.validate(ConstraintValidation.java:140)
> at org.apache.bval.util.ValidationHelper.validateProperty(ValidationHelper.java:212)
> at org.apache.bval.util.ValidationHelper.validateBean(ValidationHelper.java:195)
> at org.apache.bval.jsr303.ClassValidator.validateBeanNet(ClassValidator.java:474)
> at org.apache.bval.jsr303.ClassValidator.validate(ClassValidator.java:140)
> Working through the doPriv location required in the path.
> WIll post a patch when testing is complete.
> Albert Lee
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (BVAL-87) Java 2 security violations in
ClassValidator.validate
Posted by "Albert Lee (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/BVAL-87?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12966650#action_12966650 ]
Albert Lee commented on BVAL-87:
--------------------------------
This is the next exception after fixed the previous ones:
java.security.AccessControlException: Access denied (java.lang.reflect.ReflectPermission suppressAccessChecks)
at java.security.AccessController.checkPermission(AccessController.java:108)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:544)
at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:212)
at java.lang.reflect.AccessibleObject.setAccessible(AccessibleObject.java)
at org.apache.bval.util.MethodAccess.<init>(MethodAccess.java:50)
at org.apache.bval.jsr303.Jsr303MetaBeanFactory.processClass(Jsr303MetaBeanFactory.java:166)
at org.apache.bval.jsr303.Jsr303MetaBeanFactory.buildMetaBean(Jsr303MetaBeanFactory.java:101)
> Java 2 security violations in ClassValidator.validate
> -----------------------------------------------------
>
> Key: BVAL-87
> URL: https://issues.apache.org/jira/browse/BVAL-87
> Project: BeanValidation
> Issue Type: Bug
> Components: jsr303
> Affects Versions: 0.3-incubating
> Reporter: Albert Lee
> Fix For: 0.3-incubating
>
> Attachments: BVAL-87.patch
>
>
> Hitting a few Java 2 security access control exception during validation.
> java.security.AccessControlException: Access denied (java.lang.RuntimePermission accessDeclaredMembers)
> at java.security.AccessController.checkPermission(AccessController.java:108)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:533)
> at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:212)
> at java.lang.SecurityManager.checkMemberAccess(SecurityManager.java:1678)
> at java.lang.Class.checkMemberAccess(Class.java:105)
> at java.lang.Class.getDeclaredFields(Class.java:535)
> at org.apache.bval.jsr303.Jsr303MetaBeanFactory.processClass(Jsr303MetaBeanFactory.java:129)
> at org.apache.bval.jsr303.Jsr303MetaBeanFactory.buildMetaBean(Jsr303MetaBeanFactory.java:101)
> at org.apache.bval.MetaBeanBuilder.buildForClass(MetaBeanBuilder.java:128)
> at org.apache.bval.MetaBeanManager.findForClass(MetaBeanManager.java:102)
> at org.apache.bval.jsr303.ClassValidator.validate(ClassValidator.java:128)
> java.security.AccessControlException: Access denied (java.lang.RuntimePermission getClassLoader)
> at java.security.AccessController.checkPermission(AccessController.java:108)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:544)
> at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:212)
> at java.lang.Thread.getContextClassLoader(Thread.java:457)
> at org.apache.bval.jsr303.DefaultMessageInterpolator.getFileBasedResourceBundle(DefaultMessageInterpolator.java:163)
> at org.apache.bval.jsr303.DefaultMessageInterpolator.findUserResourceBundle(DefaultMessageInterpolator.java:269)
> at org.apache.bval.jsr303.DefaultMessageInterpolator.interpolateMessage(DefaultMessageInterpolator.java:116)
> at org.apache.bval.jsr303.DefaultMessageInterpolator.interpolate(DefaultMessageInterpolator.java:97)
> at org.apache.bval.jsr303.DefaultMessageInterpolator.interpolate(DefaultMessageInterpolator.java:92)
> at org.apache.bval.jsr303.ConstraintValidationListener.addError(ConstraintValidationListener.java:85)
> at org.apache.bval.jsr303.ConstraintValidationListener.addError(ConstraintValidationListener.java:65)
> at org.apache.bval.jsr303.ConstraintValidation.addErrors(ConstraintValidation.java:255)
> at org.apache.bval.jsr303.ConstraintValidation.validate(ConstraintValidation.java:211)
> at org.apache.bval.jsr303.ConstraintValidation.validate(ConstraintValidation.java:140)
> at org.apache.bval.util.ValidationHelper.validateProperty(ValidationHelper.java:212)
> at org.apache.bval.util.ValidationHelper.validateBean(ValidationHelper.java:195)
> at org.apache.bval.jsr303.ClassValidator.validateBeanNet(ClassValidator.java:474)
> at org.apache.bval.jsr303.ClassValidator.validate(ClassValidator.java:140)
> Working through the doPriv location required in the path.
> WIll post a patch when testing is complete.
> Albert Lee
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Reopened: (BVAL-87) Java 2 security violations in
ClassValidator.validate
Posted by "Albert Lee (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/BVAL-87?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Albert Lee reopened BVAL-87:
----------------------------
Found the following new AccessControlExceptions:
java.security.AccessControlException: Access denied (java.lang.RuntimePermission getClassLoader)
at java.lang.Throwable.<init>(Throwable.java:56)
at java.lang.Throwable.<init>(Throwable.java:67)
at java.lang.Exception.<init>(Exception.java:52)
at java.lang.RuntimeException.<init>(RuntimeException.java:54)
at java.lang.SecurityException.<init>(SecurityException.java:46)
at java.security.AccessControlException.<init>(AccessControlException.java:62)
at java.security.AccessController.checkPermission(AccessController.java:68)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:544)
at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:212)
at java.lang.Thread.getContextClassLoader(Thread.java:457)
at org.apache.commons.lang.ClassUtils.getClass(ClassUtils.java:675)
at org.apache.commons.lang.ClassUtils.getClass(ClassUtils.java:660)
at org.apache.bval.jsr303.resolver.DefaultTraversableResolver.initJpa(DefaultTraversableResolver.java:75)
at org.apache.bval.jsr303.resolver.DefaultTraversableResolver.<init>(DefaultTraversableResolver.java:48)
at org.apache.bval.jsr303.ConfigurationImpl.<init>(ConfigurationImpl.java:85)
java.security.AccessControlException: Access denied (java.lang.reflect.ReflectPermission suppressAccessChecks)
at java.lang.Throwable.<init>(Throwable.java:56)
at java.lang.Throwable.<init>(Throwable.java:67)
at java.lang.Exception.<init>(Exception.java:52)
at java.lang.RuntimeException.<init>(RuntimeException.java:54)
at java.lang.SecurityException.<init>(SecurityException.java:46)
at java.security.AccessControlException.<init>(AccessControlException.java:62)
at java.security.AccessController.checkPermission(AccessController.java:68)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:544)
at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:212)
at java.lang.reflect.AccessibleObject.setAccessible(AccessibleObject.java:118)
at org.apache.bval.util.FieldAccess.<init>(FieldAccess.java:38)
at org.apache.bval.jsr303.Jsr303MetaBeanFactory.processClass(Jsr303MetaBeanFactory.java:137)
at org.apache.bval.jsr303.Jsr303MetaBeanFactory.buildMetaBean(Jsr303MetaBeanFactory.java:101)
at org.apache.bval.MetaBeanBuilder.buildForClass(MetaBeanBuilder.java:128)
> Java 2 security violations in ClassValidator.validate
> -----------------------------------------------------
>
> Key: BVAL-87
> URL: https://issues.apache.org/jira/browse/BVAL-87
> Project: BeanValidation
> Issue Type: Bug
> Components: jsr303
> Affects Versions: 0.3-incubating
> Reporter: Albert Lee
> Fix For: 0.3-incubating
>
> Attachments: BVAL-87.patch
>
>
> Hitting a few Java 2 security access control exception during validation.
> java.security.AccessControlException: Access denied (java.lang.RuntimePermission accessDeclaredMembers)
> at java.security.AccessController.checkPermission(AccessController.java:108)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:533)
> at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:212)
> at java.lang.SecurityManager.checkMemberAccess(SecurityManager.java:1678)
> at java.lang.Class.checkMemberAccess(Class.java:105)
> at java.lang.Class.getDeclaredFields(Class.java:535)
> at org.apache.bval.jsr303.Jsr303MetaBeanFactory.processClass(Jsr303MetaBeanFactory.java:129)
> at org.apache.bval.jsr303.Jsr303MetaBeanFactory.buildMetaBean(Jsr303MetaBeanFactory.java:101)
> at org.apache.bval.MetaBeanBuilder.buildForClass(MetaBeanBuilder.java:128)
> at org.apache.bval.MetaBeanManager.findForClass(MetaBeanManager.java:102)
> at org.apache.bval.jsr303.ClassValidator.validate(ClassValidator.java:128)
> java.security.AccessControlException: Access denied (java.lang.RuntimePermission getClassLoader)
> at java.security.AccessController.checkPermission(AccessController.java:108)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:544)
> at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:212)
> at java.lang.Thread.getContextClassLoader(Thread.java:457)
> at org.apache.bval.jsr303.DefaultMessageInterpolator.getFileBasedResourceBundle(DefaultMessageInterpolator.java:163)
> at org.apache.bval.jsr303.DefaultMessageInterpolator.findUserResourceBundle(DefaultMessageInterpolator.java:269)
> at org.apache.bval.jsr303.DefaultMessageInterpolator.interpolateMessage(DefaultMessageInterpolator.java:116)
> at org.apache.bval.jsr303.DefaultMessageInterpolator.interpolate(DefaultMessageInterpolator.java:97)
> at org.apache.bval.jsr303.DefaultMessageInterpolator.interpolate(DefaultMessageInterpolator.java:92)
> at org.apache.bval.jsr303.ConstraintValidationListener.addError(ConstraintValidationListener.java:85)
> at org.apache.bval.jsr303.ConstraintValidationListener.addError(ConstraintValidationListener.java:65)
> at org.apache.bval.jsr303.ConstraintValidation.addErrors(ConstraintValidation.java:255)
> at org.apache.bval.jsr303.ConstraintValidation.validate(ConstraintValidation.java:211)
> at org.apache.bval.jsr303.ConstraintValidation.validate(ConstraintValidation.java:140)
> at org.apache.bval.util.ValidationHelper.validateProperty(ValidationHelper.java:212)
> at org.apache.bval.util.ValidationHelper.validateBean(ValidationHelper.java:195)
> at org.apache.bval.jsr303.ClassValidator.validateBeanNet(ClassValidator.java:474)
> at org.apache.bval.jsr303.ClassValidator.validate(ClassValidator.java:140)
> Working through the doPriv location required in the path.
> WIll post a patch when testing is complete.
> Albert Lee
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (BVAL-87) Java 2 security violations in
ClassValidator.validate
Posted by "Jeremy Bauer (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/BVAL-87?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12966675#action_12966675 ]
Jeremy Bauer commented on BVAL-87:
----------------------------------
Committed patch BVAL-87.1.patch for Albert under revision r1042001.
> Java 2 security violations in ClassValidator.validate
> -----------------------------------------------------
>
> Key: BVAL-87
> URL: https://issues.apache.org/jira/browse/BVAL-87
> Project: BeanValidation
> Issue Type: Bug
> Components: jsr303
> Affects Versions: 0.3-incubating
> Reporter: Albert Lee
> Fix For: 0.3-incubating
>
> Attachments: BVAL-87.1.patch, BVAL-87.patch
>
>
> Hitting a few Java 2 security access control exception during validation.
> java.security.AccessControlException: Access denied (java.lang.RuntimePermission accessDeclaredMembers)
> at java.security.AccessController.checkPermission(AccessController.java:108)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:533)
> at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:212)
> at java.lang.SecurityManager.checkMemberAccess(SecurityManager.java:1678)
> at java.lang.Class.checkMemberAccess(Class.java:105)
> at java.lang.Class.getDeclaredFields(Class.java:535)
> at org.apache.bval.jsr303.Jsr303MetaBeanFactory.processClass(Jsr303MetaBeanFactory.java:129)
> at org.apache.bval.jsr303.Jsr303MetaBeanFactory.buildMetaBean(Jsr303MetaBeanFactory.java:101)
> at org.apache.bval.MetaBeanBuilder.buildForClass(MetaBeanBuilder.java:128)
> at org.apache.bval.MetaBeanManager.findForClass(MetaBeanManager.java:102)
> at org.apache.bval.jsr303.ClassValidator.validate(ClassValidator.java:128)
> java.security.AccessControlException: Access denied (java.lang.RuntimePermission getClassLoader)
> at java.security.AccessController.checkPermission(AccessController.java:108)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:544)
> at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:212)
> at java.lang.Thread.getContextClassLoader(Thread.java:457)
> at org.apache.bval.jsr303.DefaultMessageInterpolator.getFileBasedResourceBundle(DefaultMessageInterpolator.java:163)
> at org.apache.bval.jsr303.DefaultMessageInterpolator.findUserResourceBundle(DefaultMessageInterpolator.java:269)
> at org.apache.bval.jsr303.DefaultMessageInterpolator.interpolateMessage(DefaultMessageInterpolator.java:116)
> at org.apache.bval.jsr303.DefaultMessageInterpolator.interpolate(DefaultMessageInterpolator.java:97)
> at org.apache.bval.jsr303.DefaultMessageInterpolator.interpolate(DefaultMessageInterpolator.java:92)
> at org.apache.bval.jsr303.ConstraintValidationListener.addError(ConstraintValidationListener.java:85)
> at org.apache.bval.jsr303.ConstraintValidationListener.addError(ConstraintValidationListener.java:65)
> at org.apache.bval.jsr303.ConstraintValidation.addErrors(ConstraintValidation.java:255)
> at org.apache.bval.jsr303.ConstraintValidation.validate(ConstraintValidation.java:211)
> at org.apache.bval.jsr303.ConstraintValidation.validate(ConstraintValidation.java:140)
> at org.apache.bval.util.ValidationHelper.validateProperty(ValidationHelper.java:212)
> at org.apache.bval.util.ValidationHelper.validateBean(ValidationHelper.java:195)
> at org.apache.bval.jsr303.ClassValidator.validateBeanNet(ClassValidator.java:474)
> at org.apache.bval.jsr303.ClassValidator.validate(ClassValidator.java:140)
> Working through the doPriv location required in the path.
> WIll post a patch when testing is complete.
> Albert Lee
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (BVAL-87) Java 2 security violations in
ClassValidator.validate
Posted by "Donald Woods (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/BVAL-87?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Donald Woods resolved BVAL-87.
------------------------------
Resolution: Fixed
r1036603
> Java 2 security violations in ClassValidator.validate
> -----------------------------------------------------
>
> Key: BVAL-87
> URL: https://issues.apache.org/jira/browse/BVAL-87
> Project: BeanValidation
> Issue Type: Bug
> Components: jsr303
> Affects Versions: 0.3-incubating
> Reporter: Albert Lee
> Fix For: 0.3-incubating
>
> Attachments: BVAL-87.patch
>
>
> Hitting a few Java 2 security access control exception during validation.
> java.security.AccessControlException: Access denied (java.lang.RuntimePermission accessDeclaredMembers)
> at java.security.AccessController.checkPermission(AccessController.java:108)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:533)
> at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:212)
> at java.lang.SecurityManager.checkMemberAccess(SecurityManager.java:1678)
> at java.lang.Class.checkMemberAccess(Class.java:105)
> at java.lang.Class.getDeclaredFields(Class.java:535)
> at org.apache.bval.jsr303.Jsr303MetaBeanFactory.processClass(Jsr303MetaBeanFactory.java:129)
> at org.apache.bval.jsr303.Jsr303MetaBeanFactory.buildMetaBean(Jsr303MetaBeanFactory.java:101)
> at org.apache.bval.MetaBeanBuilder.buildForClass(MetaBeanBuilder.java:128)
> at org.apache.bval.MetaBeanManager.findForClass(MetaBeanManager.java:102)
> at org.apache.bval.jsr303.ClassValidator.validate(ClassValidator.java:128)
> java.security.AccessControlException: Access denied (java.lang.RuntimePermission getClassLoader)
> at java.security.AccessController.checkPermission(AccessController.java:108)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:544)
> at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:212)
> at java.lang.Thread.getContextClassLoader(Thread.java:457)
> at org.apache.bval.jsr303.DefaultMessageInterpolator.getFileBasedResourceBundle(DefaultMessageInterpolator.java:163)
> at org.apache.bval.jsr303.DefaultMessageInterpolator.findUserResourceBundle(DefaultMessageInterpolator.java:269)
> at org.apache.bval.jsr303.DefaultMessageInterpolator.interpolateMessage(DefaultMessageInterpolator.java:116)
> at org.apache.bval.jsr303.DefaultMessageInterpolator.interpolate(DefaultMessageInterpolator.java:97)
> at org.apache.bval.jsr303.DefaultMessageInterpolator.interpolate(DefaultMessageInterpolator.java:92)
> at org.apache.bval.jsr303.ConstraintValidationListener.addError(ConstraintValidationListener.java:85)
> at org.apache.bval.jsr303.ConstraintValidationListener.addError(ConstraintValidationListener.java:65)
> at org.apache.bval.jsr303.ConstraintValidation.addErrors(ConstraintValidation.java:255)
> at org.apache.bval.jsr303.ConstraintValidation.validate(ConstraintValidation.java:211)
> at org.apache.bval.jsr303.ConstraintValidation.validate(ConstraintValidation.java:140)
> at org.apache.bval.util.ValidationHelper.validateProperty(ValidationHelper.java:212)
> at org.apache.bval.util.ValidationHelper.validateBean(ValidationHelper.java:195)
> at org.apache.bval.jsr303.ClassValidator.validateBeanNet(ClassValidator.java:474)
> at org.apache.bval.jsr303.ClassValidator.validate(ClassValidator.java:140)
> Working through the doPriv location required in the path.
> WIll post a patch when testing is complete.
> Albert Lee
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (BVAL-87) Java 2 security violations in
ClassValidator.validate
Posted by "Albert Lee (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/BVAL-87?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Albert Lee updated BVAL-87:
---------------------------
Attachment: BVAL-87.patch
> Java 2 security violations in ClassValidator.validate
> -----------------------------------------------------
>
> Key: BVAL-87
> URL: https://issues.apache.org/jira/browse/BVAL-87
> Project: BeanValidation
> Issue Type: Bug
> Components: jsr303
> Affects Versions: 0.3-incubating
> Reporter: Albert Lee
> Fix For: 0.3-incubating
>
> Attachments: BVAL-87.patch
>
>
> Hitting a few Java 2 security access control exception during validation.
> java.security.AccessControlException: Access denied (java.lang.RuntimePermission accessDeclaredMembers)
> at java.security.AccessController.checkPermission(AccessController.java:108)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:533)
> at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:212)
> at java.lang.SecurityManager.checkMemberAccess(SecurityManager.java:1678)
> at java.lang.Class.checkMemberAccess(Class.java:105)
> at java.lang.Class.getDeclaredFields(Class.java:535)
> at org.apache.bval.jsr303.Jsr303MetaBeanFactory.processClass(Jsr303MetaBeanFactory.java:129)
> at org.apache.bval.jsr303.Jsr303MetaBeanFactory.buildMetaBean(Jsr303MetaBeanFactory.java:101)
> at org.apache.bval.MetaBeanBuilder.buildForClass(MetaBeanBuilder.java:128)
> at org.apache.bval.MetaBeanManager.findForClass(MetaBeanManager.java:102)
> at org.apache.bval.jsr303.ClassValidator.validate(ClassValidator.java:128)
> java.security.AccessControlException: Access denied (java.lang.RuntimePermission getClassLoader)
> at java.security.AccessController.checkPermission(AccessController.java:108)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:544)
> at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:212)
> at java.lang.Thread.getContextClassLoader(Thread.java:457)
> at org.apache.bval.jsr303.DefaultMessageInterpolator.getFileBasedResourceBundle(DefaultMessageInterpolator.java:163)
> at org.apache.bval.jsr303.DefaultMessageInterpolator.findUserResourceBundle(DefaultMessageInterpolator.java:269)
> at org.apache.bval.jsr303.DefaultMessageInterpolator.interpolateMessage(DefaultMessageInterpolator.java:116)
> at org.apache.bval.jsr303.DefaultMessageInterpolator.interpolate(DefaultMessageInterpolator.java:97)
> at org.apache.bval.jsr303.DefaultMessageInterpolator.interpolate(DefaultMessageInterpolator.java:92)
> at org.apache.bval.jsr303.ConstraintValidationListener.addError(ConstraintValidationListener.java:85)
> at org.apache.bval.jsr303.ConstraintValidationListener.addError(ConstraintValidationListener.java:65)
> at org.apache.bval.jsr303.ConstraintValidation.addErrors(ConstraintValidation.java:255)
> at org.apache.bval.jsr303.ConstraintValidation.validate(ConstraintValidation.java:211)
> at org.apache.bval.jsr303.ConstraintValidation.validate(ConstraintValidation.java:140)
> at org.apache.bval.util.ValidationHelper.validateProperty(ValidationHelper.java:212)
> at org.apache.bval.util.ValidationHelper.validateBean(ValidationHelper.java:195)
> at org.apache.bval.jsr303.ClassValidator.validateBeanNet(ClassValidator.java:474)
> at org.apache.bval.jsr303.ClassValidator.validate(ClassValidator.java:140)
> Working through the doPriv location required in the path.
> WIll post a patch when testing is complete.
> Albert Lee
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.